One CIO’s Trash, Is The Same CIO’s Liability

What happens when end use computing, mobile devices and data center infrastructure reach the end of its useful life in the enterprise environment? It turns into a major business liability.

13737975_xl_electronic_wasteEach week, vast amounts of hardware is discarded by corporations large and small as they replace or upgrade to newer computing hardware. Some companies believe that they are doing the right thing during the decommissioning process by focusing on following ecologically sound recycling practices. This often includes “deleting” information or “wiping” VoIP or mobile phones to round out the end of life process.

However, once these steps have been undertaken, few firms ever take the trouble to independently audit what is left on those drives or trace where they ultimately go in their long journey after they leave. Unfortunately pressing “delete” is seldom enough.

Robert Plant, who is an associate professor at the University of Miami says:

“Security is only as strong as the weakest link. Law enforcement, the security services and industrial spies who dumpster dive (or, more accurately, bid on containers of e-waste) have the tools and the capabilities to retrieve your deleted data from sources such as cache memory and discarded routers. In addition, they can piece together data from multiple sources.”

The professor goes on to cite an example that could happen at any financial services firm that does not properly vette its chosen IT asset disposal, computer recycling or data destruction partner.

Anyone who has “C” as part of the professionally assigned title, should not only pay close attention to what is spent when acquiring new IT equipment or even a new full size printer or copier, but also on future costs involved in decomissioning that asset. Environmental, data security and corporate liability are all to be equally thought about. You can not afford not to.

Perhaps for many firms it is time to start reassessing their corporate-information disposal processes. They need to stop thinking of this as a disposal problem for facilities to handle and realign this under the correct risk-management authority it truly deserves. One good place to start is to look into the costs of on-site data destruction and hard drive shredding.

On a per HDD basis, it may be the best business decision that can be made for less than the cost of a soup and half a sandwhich combo at your favorite NYC deli, pickle and sides not included.

Looking for More Info On Best Practices for EOL Equipment?